If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Problem with PSPS.exe

I'm a newbie so treat me gently! Hello to everyone here. I am just a basic learner about security at this stage.

I don't know if this is is a common problem. I have searched here and a few other sites and can find no mention of this file. So here goes.

I am running WIN98, a broadband connection, Sygate Personal Firewall, VET Antivirus and IE6. Sygate shows that when I startup, the program PSPS.exe creates a major incoming attack - so I've blocked it. This file is located at c:\windows\all users\start menu\programs\startup. It can't be deleted in Windows. I can no longer access the DOS command line by shutting down windows and restarting in DOS - the machine just locks up. The only way to get there is to use an emergency boot disk. When I do it seems impossible to delete this file - I finally worked out how and found that it reinstalls when you reboot into windows.

I don't know what this file is or actually does, or if it is something bad - but is does seem supicious. But some other things have been happening recently on my machine which may or may not be related. The machine seems to stall regularly and just sit waiting for up to 10 or more seconds before it executes a command. I can't run defragmenter as the disk keeps getting accessed by something every 30 seconds or so - yet I've turned off the obvious things and it used to run without problems.

I've tried tracing the attack via Sygate and get this info from "whois" -

Powerd: Silly question...... How can a program on your machine create an _incoming_ attack? Can you show us the details of what Sygate is showing you?

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Cheyenne1212 - yes it is in startup, but whatever I try doesn't delte it. I've just discovered that Sygate can terminate it but then I can't connect to my broadband. So maybe it is related to the broadband connection - I've just emailed them for ideas. I don't think its Postscript related - firstly, it would probably identify itself as that, secondly I don'r run a postscript printer, thirdly wouldn't that stuff be in a printer driver area?

Deadcrow - I run VET antivirus with recent update, it loads at boot and I've checked this file with it and it doesn't find anything suspicious.

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

powerd - I think you missed cheyenne1212's point. Click Start->Run->Type "msconfig"->Hit OK. This will bring up a list of everything that starts up on your computer, not just what's in the Startup folder. The best way to remove the program is to click on the far right tab, and uncheck anything that looks suspisious (most likely SPSP.exe will not appear there, the reinstalling program will, though). After you remove it from there, reboot your computer with a DOS disk (click start->settings->Control Panel->Add/Remove Programs->Windows Components->Make Boot Disk (I forget the exact wording of the last two buttons.). Then browse out to the place where the files you removed from startup are located and RENAME them (in case you accidentally unchecked a good program). Then go to your startup folder and delete SPSP.exe. By removing it from startup, and anything else that may be replacing it on boot, you can get rid of the program completely.

Good Luck, Hope this helped.

Intelligent people talk about ideas. Average people talk about things. Small people talk about other people.

Thanks for the pointers. I have actually done this - PSPS.exe actually shows up there, but there is nothing else that suggests it is related to it there. If you turn it off, then it turns itself on on reboot. If you turn it off and remove it from the directory using a boot disk, it reinstalls itself and loads - but I cannot find from where.